Improvement of the pfSense firewall with user services

Abstract

The pfSense firewall is a free and reliable network operating system. Even so, it lacks more user-oriented services such as web and mail servers. However, running such services on important network building blocks (i.e. routers, firewalls, etc.) could compromise network security. We have therefore researched the possibilities of extending the pfSense firewall with additional user services in a way that does not compromise the security of the firewall itself or of the network(s) behind it. As a result, we propose using the "FreeBSD jail" operating-system-level virtualization feature for every user service, which limits the consequences if a service is compromised. Furthermore, we have compared this new system with other similar systems. By describing the jails with user services and the relations between them, we have also prepared an implementation plan. Finally, we looked into the upgrade issues of such an improved pfSense system and provided some suggestions for user interface development and future work on the subject.